Spam from "GSN" to e-mail address registered on Play.com

GustyGardenGalaxy

After this fiasco, I for one won't be buying anything from Play again. Their lack of information, "couldn't really care" attitude and poor response times are unacceptable.

I wish I could have my account with them deleted, but even that doesn't seem to be possible.

capate

halfer wrote: »

...Since the spam incident, I've not received an email from your firm. I am guessing therefore that not all customers affected by this have been emailed.

I’ve not received any of the emailed play.com statements (message to customers) either, which would seem to suggest that they still don’t actually understand whose/which details have been leaked/ obtained or are they simply incompetent when it come to emailing their customers

Perkins purportedly wrote:
“...We believe this issue maybe related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop. Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses. Play.com have taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again...”

They *believe* this *maybe* related.... - so they don’t actually know
Investigations at the time showed *no evidence*... - so they don’t actually know
No mention of any new investigation that has categorically identified the point of exposure - so kite flying an idea
How can they assure customers of what has or has not been leaked if they don’t actually know whether the incident to which they refer is related or not?
Similarly, how can they take all necessary steps to ensure that a breach of this nature cant happen again if they don’t actually know precisely what happened?

spiffer

No, I don't think they really know. Bear in mind that they wouldn't even be aware of the issue if those of us with dedicated email addresses hadn't spoken up in sufficient numbers. Even our evidence is purely circumstantial - it's just the numbers that make it compelling.

And I'd like to register as another user who has not received an explanation. I'm not subscribed to newsletters, so perhaps that's the difference? Or is it that Play need to use Silverpop to send out the advice?

capate

spiffer wrote: »

And I'd like to register as another user who has not received an explanation. I'm not subscribed to newsletters, so perhaps that's the difference?

It could be the difference - I had opted-out of marketing/ newsletter as well

I would also like to know why:

In play.com’s first statement they wrote:
“...We are emailing all our customers to let you know that a company that handle part of our marketing communications has had a security breach...”

As someone who was opted-out of marketing, why were my details with their *marketing* company?

Evilm

Redcase wrote: »

I changed my email early this afternoon and received a conformation email right away.This second email from John at play was sent to my original address,does this mean that they are outsourcing thier responces.sorry if i am being thick,but if they acknowledged the change in email right away why did they send their email from John to my old one 8 hours later.

Its possible that the user info for the email was pulled more than 8 hours ago.

halfer

Good piece from the Guardian, thanks for posting that. It specifically mentions that card details cannot be deleted by the customer - excellent. If play.com fix that, that will be a good enough demonstration of goodwill for me.

halfer

GustyGardenGalaxy wrote: »

I wish I could have my account with them deleted, but even that doesn't seem to be possible.

I should think you have right to request this manually, and even if you have no legal right (depending on which jurisdiction they operate in) I'm sure they would honour the request.

Chunder_2

Just another voice to add to the others; I use site-specific email addresses too, and this let me know immediately that the spam was "on behalf of" play.com.

I raised a query via their website at 11:30am on Sunday, and received the stock response back before 3:30pm - although it doesn't appear to be completely 'boilerplate', as mine was slightly different to the one posted by Internet Pawn (an extra paragraph reading: "Please be assured that all your details are in secured and no one can acccess it." - yes, that's how it was written! :rotfl:)

I was just researching other courses of action (Information commissioner? Submission to a news site/blog?) when I discovered that the news has already spread like wildfire. Excellent.

It's worth noting that I have not received any communication from Play.com regarding the risk that my personal data has been lost - even though most of the news reports carry the 'quote' from John Perkins: "We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps."

I'm not sure which aspect I'm most annoyed about: the data loss, the lack of communication, or perhaps that it happened back in December!

(Long-time-occasional-lurker; new account so I can join in properly )

Redcase

Evilm wrote: »

Its possible that the user info for the email was pulled more than 8 hours ago.

Thank you Evilm for answering,i thought that the Play.com CEO John Perkins had joined to answer questions and help solve issues but i see now that it would be easier to get a responce from thier website.;)

GustyGardenGalaxy

Redcase wrote: »

Thank you Evilm for answering,i thought that the Play.com CEO John Perkins had joined to answer questions and help solve issues but i see now that it would be easier to get a responce from thier website.;)

A CEO joining a forum to answer questions? Hah - no such luck!

That single message from the play.com poster was only put here to try and shut us up.

Message to play.com: it didn't work!